2023-08-26_e12d1c1dcff9c35a3878957d226973e4_magniber_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

2023-08-26_e12d1c1dcff9c35a3878957d226973e4_magniber_JC.exe
Size

3.4MB
MD5

e12d1c1dcff9c35a3878957d226973e4
SHA1

54748aabaae8347e345b7100fae220977334e5be
SHA256

d99c92b7afc46e2ef8ea0441932da8230140d26c04a2384a630f98927ad6cb56
SHA512

9ec88b580c20e5a2348f3e31ae5b56f614a06fd6f8f3b4b8176946d5ae7ee84c7a07e6d3cc9d4552ea91d1641c01c04a8c2cd6ee6cb33d4ca6a694fff2202358
SSDEEP

49152:dSwxgGjMTeWuVMQhmRM0Ygim6h820jGJMLB3tCZY6qqKO3Mc7jPkm2dXJDlx:dfcb3smt6qqKCMIGD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
2023-08-26_e12d1c1dcff9c35a3878957d226973e4_magniber_JC.exe

Files

2023-08-26_e12d1c1dcff9c35a3878957d226973e4_magniber_JC.exe
.exe windows:6 windows x86

5b8f035ea380bacd5950e48cfd83c6e4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetModuleHandleExW
HeapFree
HeapAlloc
GetCurrentThread
MultiByteToWideChar
GetACP
WideCharToMultiByte
GetStdHandle
GetFileType
GetStartupInfoW
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetStringTypeW
SetConsoleCtrlHandler
GetProcessHeap
IsValidCodePage
GetOEMCP
GetCPInfo
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
GetModuleFileNameW
WriteConsoleW
OutputDebugStringA
OutputDebugStringW
WaitForSingleObjectEx
HeapSize
HeapReAlloc
InterlockedPushEntrySList
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
TlsGetValue
ReadFile
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeW
GetLocalTime
FindClose
FindFirstFileW
LoadLibraryW
WaitNamedPipeW
CreateFileA
DeleteFileA
FileTimeToLocalFileTime
GetFileInformationByHandle
LocalFileTimeToFileTime
SetFileInformationByHandle
SetFilePointer
GetTempPathA
GetTempFileNameA
FileTimeToDosDateTime
DosDateTimeToFileTime
QueryPerformanceFrequency
ExpandEnvironmentStringsW
GetFullPathNameW
CreateProcessA
CreateProcessW
GetModuleHandleA
LocalAlloc
lstrcmpA
lstrcmpW
GetFullPathNameA
SetEndOfFile
GetCurrentDirectoryW
SetCurrentDirectoryW
ReadConsoleW
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
GetCommandLineA
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
PeekNamedPipe
GetDriveTypeW
GetModuleFileNameA
RtlUnwind
EncodePointer
InitializeCriticalSectionEx
RaiseException
DecodePointer
LocalFree
GetTimeFormatW
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetTickCount
InterlockedFlushSList
GetDateFormatW
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FormatMessageW
K32GetProcessImageFileNameW
K32GetModuleBaseNameW
K32EnumProcessModules
K32EnumProcesses
WTSGetActiveConsoleSessionId
VerifyVersionInfoW
GetProcAddress
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
VerSetConditionMask
GetModuleHandleW
GetSystemDirectoryW
OpenProcess
GetCurrentProcess
SignalObjectAndWait
Sleep
CreateEventW
ResetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetCommandLineW
RegisterWaitForSingleObject
OpenEventW
CreateMutexW
WaitForSingleObject
ReleaseMutex
SetEvent
CloseHandle
GetCurrentThreadId
CreateFileW
GetFileAttributesW

user32

GetMessageW
DispatchMessageW
RegisterDeviceNotificationW
UnregisterDeviceNotification
TranslateMessage
DefWindowProcW
RegisterClassW
CreateWindowExW
DestroyWindow
LoadCursorW
LoadIconW
PostMessageW
ChangeDisplaySettingsExA
EnumDisplayDevicesW
SendMessageW
UnregisterClassW
GetUserObjectInformationW
GetThreadDesktop
LoadStringW
OpenDesktopW
OpenInputDesktop
CloseDesktop
SetThreadDesktop

gdi32

GetDeviceGammaRamp
DeleteDC
CreateDCA
SetDeviceGammaRamp

advapi32

RegQueryValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDisablePredefinedCacheEx
RegOpenCurrentUser
RegCloseKey
RevertToSelf
ImpersonateLoggedOnUser
SystemFunction036
PerfSetULongCounterValue
PerfDeleteInstance
PerfCreateInstance
PerfSetCounterSetInfo
PerfStopProvider
PerfStartProvider
RegGetValueW
CreateProcessWithTokenW
LookupAccountSidW
GetTokenInformation
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfig2W
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW

shell32

SHGetFolderPathW
SHGetFolderPathA
CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitializeSecurity

oleaut32

SafeArrayCreateVector
SafeArrayDestroy
SafeArrayCreate
CreateErrorInfo
SetErrorInfo
GetErrorInfo
SafeArrayUnaccessData
SysAllocString
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
SysStringByteLen
SafeArrayAccessData
SafeArrayPutElement

shlwapi

PathFindExtensionA
PathAppendW
PathAddExtensionW
PathAddBackslashW
PathFindFileNameW
PathFindExtensionW
PathAppendA
PathIsFileSpecW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

cabinet

ord11
ord13
ord14
ord20
ord22
ord23
ord10

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 625KB - Virtual size: 624KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 37KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 185KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b8f035ea380bacd5950e48cfd83c6e4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

wtsapi32

version

cabinet

userenv

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 625KB - Virtual size: 624KB

.data Size: 37KB - Virtual size: 71KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 180KB - Virtual size: 179KB

.reloc Size: 185KB - Virtual size: 188KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 625KB - Virtual size: 624KB

.data
Size: 37KB - Virtual size: 71KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 180KB - Virtual size: 179KB

.reloc
Size: 185KB - Virtual size: 188KB